French company LaCie, maker of various storage solutions, on Tuesday announced that it has been the victim of a massive attack that exposed the personal data of buyers, including credit cards, to a third party. The company said it was informed by the FBI on March 19 that “an unauthorized person used malware to gain access to information from customer transactions that were made through LaCie’s website.” The company has hired an investigation firm, and has temporarily disabled its online store, while it secures it.
LaCie said that it believes all transactions made between March 27, 2013 and March 10, 2014 may be affected. Hackers were apparently able to access customers’ names, addresses, emails, card numbers and expiration dates and even their website user names and passwords.
The company has begun notifying affected customers about the breach on April 11, 2014, and it reset the passwords on its site for all customers. It’s not clear how many customers were affected by the breach, as the company did not mention such details. LaCie is also yet to mention how the hackers got into its e-commerce system.
The breach was first detailed on March 17 by Krebs on Security, almost a month before LaCie acknowledged it. According to the publication, LaCie is only one of the dozens of online stores that were compromised by a group of hackers who exploited security vulnerabilities in Adobe’s ColdFusion.
